mirror of https://github.com/fail2ban/fail2ban
25 lines
983 B
Plaintext
25 lines
983 B
Plaintext
# Fail2Ban filter for exim the spam rejection messages
|
|
#
|
|
## For the SA: Action: silently tossed message... to be logged exim's SAdevnull option needs to be used.
|
|
|
|
[INCLUDES]
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
# exim-common.local
|
|
before = exim-common.conf
|
|
|
|
[Definition]
|
|
|
|
failregex = ^%(pid)s \S+ F=(<>|\S+@\S+) %(host_info)srejected by local_scan\(\): .{0,256}$
|
|
^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: .*dnsbl.*\s*$
|
|
^%(pid)s \S+ %(host_info)sF=(<>|[^@]+@\S+) rejected after DATA: This message contains a virus \(\S+\)\.\s*$
|
|
^%(pid)s \S+ SA: Action: silently tossed message: score=\d+\.\d+ required=\d+\.\d+ trigger=\d+\.\d+ \(scanned in \d+/\d+ secs \| Message-Id: \S+\)\. From \S+ \(host=(\S+ )?\[<HOST>\]\) for \S+$
|
|
|
|
ignoreregex =
|
|
|
|
# DEV Notes:
|
|
# The %(host_info) defination contains a <HOST> match
|
|
#
|
|
# Author: Cyril Jaquier
|
|
# Daniel Black (rewrote with strong regexs)
|